Jump to content

Secured area how to ?


liefwin

Recommended Posts

Hi,
I'm having a secured area where the username and pasw are stored in a MySql Db.
As i'm complete new i found this on the net and after a while i got it working :-)

How can i get a message or store details of users access (who, when, which page,...) to the protected area ?
Any help is more than welcome !
thx



this is the code i use in the connect.php
*********************************************************************************************************************
<?php
define ('DB_USER', '*************'); // Database User Name
define ('DB_PASSWORD', '***********'); // Database User Password
define ('DB_HOST', '**********'); // Host Name (mostly localhost)
$dbc = mysql_connect (DB_HOST, DB_USER, DB_PASSWORD); // Establishes connection
mysql_select_db(**************'); // database name to connect to

define(TABLE_NAME,'user'); // Table Name
define(USER_NAME,'username'); // Username Field Name
define(PASS_NAME,'password'); // Password Field Name
?>
**********************************************************************************************************************************

This is the code i use in the index.php page
**********************************************************************************************************************************
<?php
session_start();

//site_defines
$SECURED_PAGE = 'index2.php';

// If the form was submited check if the username and password match
if($_POST['submitid'] == 1){
//Call the database file
require_once("connect.php");
$username = $_POST['username'];
$password = $_POST['password'];
$user_query = @mysql_query("SELECT * FROM " . TABLE_NAME . " WHERE `" . USER_NAME . "`='$username' AND `" . PASS_NAME . "`='$password'");

if(@mysql_num_rows($user_query) > 0){
//Make sessions
$_SESSION['isloged'] = 'yes';
$_SESSION['username'] = $_POST[username];

// Redirect to the page
header("Location: $SECURED_PAGE");
exit();
} else {
$message = 'Uw username en/of password is niet correct !';
}
}
?>
<?php

//Check if we are displaying a message to the user:
if($message != NULL){?>
<table width="500" border="0" cellpadding="3" cellspacing="0" bgcolor="#CCCCCC" align="center">
<tr>
<td><div align="center"><strong><font color="#FF0000"><?=$message;?></font></strong></div></td>
</tr>
</table>
<?php } ?>
<form action="<? echo $_SERVER['PHP_SELF'];?>" method="post" name="adminlogin" id="adminlogin" style="display:inline;">
<br><br><br><br><table width="500" border="1" align="center" cellpadding="5" cellspacing="0" bordercolor="#336699">
<tr bgcolor="#99CCFF">
<td colspan="2"><div align="center"><strong>Please Login</strong></div></td>
</tr>
<tr>
<td width="47%"><strong>Username:</strong></td>
<td width="53%"><input name="username" type="text" id="username"></td>
</tr>
<tr>
<td><strong>Password:</strong></td>
<td><input name="password" type="password" id="password"></td>
</tr>
<tr>
<td colspan="2"><div align="center"><font face="Georgia, Times New Roman, Times, serif"><strong>
<input name="Submit" type="submit" id="Submit" value="Inloggen">
<input name="submitid" type="hidden" id="submitid" value="1">
</strong></font> </div></td>
</tr>
</table>
<p>&nbsp;</p>
</form>
Link to comment
Share on other sites

It sounds like you just want logging.. Based on the $_SESSION object, you can take the username and create a log entry each time a page is accessed by an authenticated user. Something like this :

[code]
session_start();

// Check to see if the user is logged in
if (! $_SESSION['islogged']) {
   header('/login.php');
   exit;
}

// Open the log file and write a log entry to it
fopen($logfile, 'a');
fwrite($logfile, $_SESSION['username'] . ' accessed page mypage.php');
fclose($logfile);

// Continue with the rest of what mypage.php should do
[/code]

I'm definitely no expert with file access as I don't use it very heavily, so there may be a better way to do the file handling bit. But, the above code should get your foot in the door...

Also note, the mere use of session_start() does not mean that you have a secure site. It's fairly easy to steal sessions. I use a SQL database to store additional information such as session ID, ip address, etc. to ensure that the session doesn't migrate somewhere else.
Link to comment
Share on other sites

Here's a link to the code I use : [a href=\"http://www.godshell.com/oss/secure-login.tar.gz\" target=\"_blank\"]http://www.godshell.com/oss/secure-login.tar.gz[/a]

Note : This is not for drop-in usage. It was written for a specific app. However, it should be relatively easy to change.
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.